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'97, Volume 27 Issue 4- 
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Datagram services provide a simple, flexible, robust, and scalable communication 
abstraction; their usefulness has been well demonstrated by the success of IP, UDP, and 
RPC. Yet, the overwhelming majority of network security protocols that have been 
proposed are geared towards connection-oriented communications. The few that do cater 
to datagram communications tend to either rely on long term host-pair keying or impose 
a session-oriented (i.e., requiring connection setup) semantics. Separately, t ... 

Wireless com munication and n etworkin g s ystem im plem entation: Develo pment of an Q 
ASIP enabling flows in ethernet access using a re t a rgetable compilation fl ow 
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April 2007 Proceedings of the conference on Design, automation and test in Europe 

DATE '07 
Publisher: EDA Consortium 

Full text available: t jg?| pdf d 2 5 . 68 KB) Additional Information: full cit ation, abstract, references 

In this paper we research an FPGA based Application Specific Instruction Set Processor 
(ASIP) tailored to the needs of a flow aware Ethernet access node using a retargetable 
compilation flow. The toolchain is used to develop an initial processor design, asses the 
performance and identify the potential bottlenecks. 

A second design iteration results in a fully optimized ASIP with a VLIW instruction set 
which allows for high degree of parallelism among the functional units inside the ASIP ... 
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This paper describes an environment for visualizing packet traces that greatly simplifies 
troubleshooting protocol implementations. Network management centers routinely collect 
packet traces to tally traffic statistics and to troubleshoot protocol configuration and 
implementation problems. Previous efforts have focused on the reliable collection of 
traces and their statistical interpretation. Display of packet traces was restricted to a 
textual representation of the raw headers. Our prototy ... 

4 N ormalizin g Traffic Pattern with Anonymity for Mission Critical A p plications Q 
Dongxi Liu, Chi-Hung Chi, Ming Li 

April 2004 Proceedings of the 37th annual symposium on Simulation ANSS '04 

Publisher: IEEE Computer Society 

Full text available;^ pdf(13 6. 16 K B) Additional Information: full citatio n , abstract, index terms 

Intruders often want to analyze traffic pattern to getinformation for his some malicious 
activities inultra-secure network. This paper presents a generalapproach to prevent traffic 
pattern of IP-based networkfrom being analyzed. It is an isolated scheme which canbe 
used to prevent traffic analysis in overall network byachieving the same goal in each 
network segmentindependently, On each network segment,complementary traffic is 
generated according to its realtraffic, and the combination of these ... 

5 Trading packet headers for packet pro cess ing Q 

❖ Girish P. Chandranmenon, George Varghese 
October 1995 ACM SIGCOMM Computer Communication Review , Proceedings of the 
conference on Applications, technologies, architectures, and protocols 
for computer communication SIGCOMM '95, volume 25 issue 4 
Publisher: ACM Press 

r- „ * ♦ , a a<h K*a\ Additional Information: full citation , abstra ct, references , citings, index 

Full text available: pdf(1 .2 1 MB) 

^ # terms 

In high speed networks, packet processing is relatively expensive while bandwidth is 
cheap. Thus it pays to add information to packet headers to make packet processing 
easier. While this is an old idea, we describe several specific new mechanisms based on 
this principle. We describe a new technique, source hashing, which can provide 0(1) 
lookup costs at the Data Link, Routing, and Transport layers. Source hashing is especially 
powerful when combined with the old idea of a flow I ... 

6 The Click modular router Q 
ygty Robert Morris, Eddie Kohler, John Jannotti, M. Frans Kaashoek 

December 1999 ACM SIGOPS Operating Systems Review , Proceedings of the 

seventeenth ACM symposium on Operating systems principles SOSP 

'99, Volume 33 Issue 5 
Publisher: ACM Press 

Full text available: ffl pdf(1 .46 MB) Additional Information: ful I citation, abstract, references, citings, index 
' — 1 terms 

Click is a new software architecture for building flexible and configurable routers. A Click 
router is assembled from packet processing modules called elements. Individual elements 
implement simple router functions like packet classification, queueing, scheduling, and 
interfacing with network devices. Complete configurations are built by connecting 
elements into a graph; packets flow along the graph's edges. Several features make 
individual elements more powerful and complex configuration ... 
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^ Shiva Chaitanya, Kevin Butler, Anand Sivasubramaniam, Patrick McDaniel, Murali Vilayannur 
October 2006 Proceedings of the second ACM workshop on Storage security and 

survivability StorageSS '06 
Publisher: ACM Press 

Full text available: g pdf(296.66 KB) Additional Information: full citation , abstra ct, references , index terms 

This paper studies the performance and security aspects of the iSCSI protocol in a 
network storage based system. Ethernet speeds have been improving rapidly and network 
throughput is no longer considered a bottleneck when compared to Fibre-channel based 
storage area networks. However, when security of the data traffic is taken into 
consideration, existing protocols like IPSec prove to be a major hindrance to the overall 
throughput. In this paper, we evaluate the performance of iSCSI when deploye ... 



Keywords: IPSec, authentication, encryption, iSCSI 



Trading_packet headers for packet processing 
Girish P. Chandranmenon, George Varghese 

April 1996 IEEE/ ACM Transactions on Networking (TON), volume 4 issue 2 
Publisher: IEEE Press 

— . . . « u . is»i f i(H,uiD\ Additional information: full citation, references , citings, index terms , 

Fuil text available: to pdfd. 41 MB) 
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9 MobHity. support in IPv6 Q 
$y Charles E. Perkins, David B. Johnson 

& November 1996 Proceedings of the 2nd annual international conference on Mobile 
computing and networking MobiCom '96 

Publisher: ACM Press 

Full text available:^ pdfd. 37 MB) Additional Information: full citation , references , citings, index terms 
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^ Chen-Nee Chuah, Lakshminarayanan Subramanian, Randy H. Katz 

October 2003 ACM SIGCOMM Computer Communication Review, volume 33 issue 5 

Publisher: ACM Press 

Full text available: t jg pdf(281 .1 5 KB ) Additional Information: full citation, abstract, ref erenc es 

This paper proposes a detection mechanism called DCAP for a network provider to 
monitor incoming traffic and identify misbehaving flows without having to keep per-flow 
accounting at any of its routers. Misbehaving flows refer to flows that exceed their 
stipulated bandwidth limit. Through collaborative aggregate policing at both ingress and 
egress nodes, DCAP is able to quickly narrow the search to a candidate group that N 
contains the misbehaving flows, and eventually identify the individua ... 

Keywords: flow-level accounting, misbehaving flow detection, traffic policing 
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A router-based packet-filtering firewall is an effective way of protecting an enterprise 
network from unauthorized access. However, it will not work efficiently in an ATM network 
because it requires the termination of end-to-end ATM connections at a packet-filtering 
router, which incurs huge overhead of SAR (Segmentation and Reassembly). Very few 
approaches to this problem have been proposed in the literature, and none is completely 
satisfactory. In this paper we present the hardware desig ... 

Keywords: TCP/IP, asynchronous transfer mode, firewall, packet filtering, switch 
architecture 
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Chip Elliott, David Pearson, Gregory Troxel 
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Full text available: ™ pdf( 809.93 KB) - - *~ 

^ terms 

BBN, Harvard, and Boston University are building the DARPA Quantum Network, the 
world's first network that delivers end-to-end network security via high-speed Quantum 
Key Distribution, and testing that Network against sophisticated eavesdropping attacks. 
The first network link has been up and steadily operational in our laboratory since 
December 2002. It provides a Virtual Private Network between private enclaves, with user 
traffic protected by a weak-coherent implementation of quantum cryptogra ... 

Keywords: IPsec, cryptographic protocols, error correction, key agreement protocols, 
privacy amplification, quantum cryptography, quantum key distribution, secure networks 
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This paper describes work centred around providing greater autonomy for mobile nodes to 
roam in Mobile IPv6 wireless networks based on a new handoff mechanism. This 
technique, called the Client-based Handoff, enables mobile nodes to roam in foreign 
wireless networks without having to be controlled by the network infrastructure. The 
mechanism incorporates three algorithms: a router advertisement cache, the invocation 
of TCP mechanisms and techniques to handle subnetwork outages in order to reduce ... 
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Since IP packet reassembly requires resources, a denial of service attack can be mounted 
by swamping a receiver with IP fragments. In this paper we argue how this attack need 
not affect protocols that do not rely on IP fragmentation, and argue how most protocols, 
e.g., those that run on top of TCP, can avoid the need for fragmentation. However, 
protocols such as IPsec's IKE protocol, which both runs on top of UDP and requires 
sending large packets, depend on IP packet reassembly. Photuris, an ea ... 

Keywords: DoS, IKE, IPsec, buffer exhaustion, denial of service, fragmentation, network 
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Computers capable of attaching to the Internet from many places are likely to grow in 
popularity until they dominate the population of the Internet. Consequently, protocol 
research has shifted into high gear to develop appropriate network protocols for 
supporting mobility. This introductory article attempts to outline some of the many 
promising and interesting research directions. The papers in this special issue indicate the 
diversity of viewpoints within the research community, and it is ... 
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This paper discusses some of the recent work within the Broadband Radio Access Network 
(BRAN) project of ETSI (European Telecommunications Standards Institute), regarding 
the issue of establishing an interworking solution between Hiperlan/2 and 3G cellular 
systems and introduces the concept of Hiperlan/2 Public Access. So far the BRAN project 
has identified several fundamentally different types of possible solutions whose 
differences lie within the level of integration. The most essential requir ... 
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Current technology trends make it possible to build communication networks that can 
support high-performance distributed computing. This paper describes issues in the 
design of a prototype switch for an arbitrary topology point-to-point network with link 
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speeds of up to 1 Gbit/s. The switch deals in fixed-length ATM-style cells, which it can 
process at a rate of 37 million cells per second. It provides high bandwidth and low 
latency for datagram traffic. In addition, it supports real-time t ... 
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Attempts to generalize the Internet's point-to-point communication abstraction to provide 
services like multicast, anycast, and mobility have faced challenging. technical problems 
and deployment barriers. To ease the deployment of such services, this paper proposes a 
general, overlay-based Internet Indirection Infrastructure (/3) that offers a rendezvous- 
based communication abstraction. Instead of explicitly sending a packet to a destination, 
each packet is associated with an identifier; t ... 

Keywords: anycast, indirection, mobility, multicast, network infrastructure, service 
composition 
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Attempts to generalize the Internet's point-to-point communication abstraction to provide 
services like multicast, anycast, and mobility have faced challenging technical problems 
and deployment barriers. To ease the deployment of such services, this paper proposes 
an overlay-based Internet Indirection Infrastructure ( 13) that offers a rendezvous-based 
communication abstraction. Instead of explicitly sending a packet to a destination, each 
packet is associated with an identifier; this identifier ... 
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